Facebook is not upfront about this practice. In fact, when I asked
its PR team last year whether it was using shadow contact
information for ads, they denied it. Luckily for those of us
obsessed with the uncannily accurate nature of ads on Facebook
platforms, a group of academic researchers decided to do a deep
dive into how Facebook custom audiences work to find out how
users’ phone numbers and email addresses get sucked into the
advertising ecosystem. […]

The researchers also found that if User A, whom we’ll call Anna,
shares her contacts with Facebook, including a previously unknown
phone number for User B, whom we’ll call Ben, advertisers will be
able to target Ben with an ad using that phone number, which I
call “shadow contact information,” about a month later. Ben can’t
access his shadow contact information, because that would violate
Anna’s privacy, according to Facebook, so he can’t see it or
delete it, and he can’t keep advertisers from using it either.

The lead author on the paper, Giridhari Venkatadri, said this was
the most surprising finding, that Facebook was targeted ads using
information “that was not directly provided by the user, or even
revealed to the user.”

Paraphrasing, Hill’s back and forth with Facebook over these practices went like this:

Hill: Facebook, are you doing this terrible thing?

Facebook: No, we don’t do that.

Hill, months later: Here’s academic research that shows you do this terrible thing.

Facebook: Yes, of course we do that.

At this point I consider Facebook a criminal enterprise. Maybe not legally, but morally. How in the above scenario is Facebook not stealing Ben’s privacy?